Month: August 2023

An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. Continue reading CVE-2021-40211 (imagemagick)→

Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function. Continue reading CVE-2021-46179 (upx)→

FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference. Continue reading CVE-2021-40266 (freeimage)→

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may l… Continue reading CVE-2020-35357 (debian_linux, gnu_scientific_library)→

libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. Continue reading CVE-2021-29390 (fedora, libjpeg-turbo)→

Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs. Continue reading CVE-2021-34193 (opensc)→

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may l… Continue reading CVE-2020-35357 (gnu_scientific_library)→

VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed. Continue reading CVE-2021-30047 (vsftpd)→

libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c. Continue reading CVE-2021-29390 (libjpeg-turbo)→

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. Continue reading CVE-2020-35342 (binutils)→